26

It appears as both debian:stable-slim and debian:stable are both currently broken (for updates):

> $ docker run -ti --rm  debian:stable-slim
Unable to find image 'debian:stable-slim' locally
stable-slim: Pulling from library/debian
fc491617b0f1: Pull complete
Digest: sha256:a85c2c0e634946e92a6f4a9a4f6ce5f19ce7c11885bc198f04ab3ae8dacbaffa
Status: Downloaded newer image for debian:stable-slim
root@e610973ac2f8:/# apt update
Ign:1 http://security.debian.org/debian-security stable/updates InRelease
Err:2 http://security.debian.org/debian-security stable/updates Release
  404  Not Found [IP: 151.101.130.132 80]
Get:3 http://deb.debian.org/debian stable InRelease [113 kB]
Get:4 http://deb.debian.org/debian stable-updates InRelease [36.8 kB]
Get:5 http://deb.debian.org/debian stable/main amd64 Packages [8178 kB]
Reading package lists... Done
E: The repository 'http://security.debian.org/debian-security stable/updates Release' does not have a Release file.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.

Anyone else experienced this or found a workaround?

Improve this question
2
  • This is most likely related to the release of Debian Bullseye. I was able to work around the issue by switching to "debian:buster-slim".
    – vpetersson
    Commented Aug 16, 2021 at 13:34
  • FYI buster-slim(Debian 10) has 6X the critical vulnerabilities of stretch-slim (Debian 9) or jessie-slim (Debian 8)
    – alanionita
    Commented May 2, 2023 at 9:46

3 Answers 3

Reset to default
27

I was able to fix this by changing this line:

deb http://security.debian.org/debian-security stable/updates main

to

deb http://security.debian.org/debian-security stable-security/updates main

You can do that by running:

sed -i 's/stable\/updates/stable-security\/updates/' /etc/apt/sources.list
Improve this answer
3
  • 1
    Nice. Yeah it's most likely related to some changes in Debian Bullseye, which is now the latest 'stable' release.
    – vpetersson
    Commented Aug 16, 2021 at 13:35
  • 5
    There's been a rename of the security updates repository for Debian 11. See the gray box: debian-handbook.info/browse/en-US/stable/…
    – zzu
    Commented Aug 17, 2021 at 15:25
  • Thanks, this helped me immensely!
    – Nicolas Rouquette
    Commented Dec 6, 2021 at 23:06
14

Issue

Faced this issue on a Debian Stretch (9) Docker image.

The below error came up when running apt-get update

W: The repository 'http://security.debian.org/debian-security stretch/updates Release' does not have a Release file.
W: The repository 'http://deb.debian.org/debian stretch Release' does not have a Release file.
W: The repository 'http://deb.debian.org/debian stretch-updates Release' does not have a Release file.
E: Failed to fetch http://security.debian.org/debian-security/dists/stretch/updates/main/binary-amd64/Packages  404  Not Found [IP: xx]
E: Failed to fetch http://deb.debian.org/debian/dists/stretch/main/binary-amd64/Packages  404  Not Found
E: Failed to fetch http://deb.debian.org/debian/dists/stretch-updates/main/binary-amd64/Packages  404  Not Found
E: Some index files failed to download. They have been ignored, or old ones used instead.

Background

This is related to the security repo in particular.

These repo definitions are used by apt to fetch update and they are defined in /etc/apt/sources.list

The official Debian Security recommendation - https://www.debian.org/security/

To keep your Debian operating system up-to-date with security patches, please add the following line to your /etc/apt/sources.list file

`deb http://security.debian.org/debian-security bullseye-security main contrib non-free`

Answer

Add this line in the Dockerfile

RUN echo "deb http://security.debian.org/debian-security bullseye-security main contrib non-free" > /etc/apt/sources.list

RUN apt-get update

Other solutions

What didn't work for me:

  • Changing the repo to stable-security
  • Running apt with --allow-releaseinfo-change flag - the flag pairing with apt-get update was not recognised

What else worked:

  • Instead of using the bullseye security repo you could use the stretch archive repo deb http://archive.debian.org/debian stretch main contrib non-free; it would be better to stick to the security from the latest release from a security perspective

Update

The above is correct if you are just zooming in on the security repo issue.

Why are we having these problems with the security repo?

In my case Debian 9 is an archived, unsupported, unmaintained version.

Although I could "fix" (bypass) the security repo, I had further issues with dependency repos for APT. Since the version is deprecated these repos needed to point to archive.

In general this forced me to upgrade to Debian 10. On Debian 10 I had no need for the above fix.

Improve this answer
6
  • When I do your idea, I see this: apt update Hit:1 http://security.debian.org/debian-security stable-security/updates InRelease Get:2 http://security.debian.org/debian-security stable-security/updates/non-free amd64 Packages [528 B] Ign:3 https://packages.sury.org/php stretch InRelease Err:4 https://packages.sury.org/php stretch Release 403 Forbidden Reading package lists... Done Do you see a 403 as well?
    – Tyler Collier
    Commented May 2, 2023 at 17:26
  • Nevermind. I realized it was trying to access packages.sury.org/php... due to a file at /etc/apt/sources.list.d/php.list which I didn't realize was there.
    – Tyler Collier
    Commented May 2, 2023 at 17:39
  • 1
    Just added an update. Turns out that I didn't spend enough time asking why I'm having these security repo issues. In my case it was because we used Debian 9 which is outside of LTS support. The fix above resolves apt security repo issues, but you will later experience issues with downloading packages.This is because apt should point to an archive repo for packages, but as you know this stops you from using the latest versions. In my case I had to upgrade the base image to Debian 10 and I didn't need the above fix at all, nor did I have any problems with package downloads via apt.
    – alanionita
    Commented May 3, 2023 at 15:58
  • 1
    Yeah, it would be nice if, when trying to run apt update, it said something like You know you're on a super old version that's beyond support, even LTS support, right?. That might've saved me a lot of googling. As it was, I found dozens of related answers around the internet that were all from before June 2022, when LTS support ended, so i went down too many rabbit holes. In the end I upgraded my Debian version just like you.
    – Tyler Collier
    Commented May 3, 2023 at 16:18
  • hey @alanionita , I posted above about my docker, would you know how to update that to get the appropriate debian updates?
    – james emanon
    Commented May 4, 2023 at 23:11
0

From debian.org... (replace "stretch" with your current running version). Erase the other lines that look similar, then apt-get update and apt-get upgrade.

deb http://archive.debian.org/debian/ stretch main non-free contrib
deb-src http://archive.debian.org/debian/ stretch main non-free contrib

deb http://archive.debian.org/debian-security/ stretch/updates main non-free contrib
deb-src http://archive.debian.org/debian-security/ stretch/updates main non-free contrib
Improve this answer

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .